False Positive Probability: medium

This Code executes code that was crypted by base64 encoding. Allthough it is commonly used by malware scripts it might also be part of non-malicious scripts encoded by obfuscating tools. Attackers can use this script to send spam emails for example.

Simplified example:

<?php
$x = 'WyJoZWxsbyJd';
eval(base64_decode($x));
?>
{ISPP}suspect.eval.base64

Marius Burkard has been working as a software developer for 20 years and has several years of experience as a server administrator. As one of the lead developers of the ISPConfig control panel and technical contact for several hundred web hosting customers, he has extensive experience with malware, hacked websites and the analysis of vulnerabilities.